Estafas de phishing: casos recientes y cómo reconocerlas
El phishing sigue siendo el primer vector de fraude en Europa. Esta página recopila los casos confirmados por los CSIRT nacionales y las fuerzas del orden, además de los patrones que Mythos ha identificado en los mensajes enviados por los usuarios.
Email o SMS de 'Amazon' informa que el cobro de Prime ha fallado y la cuenta sera suspendida en 24h. Link a amazon-prime-renovar.es (real: amazon.es). Roba credenciales Amazon, tarjeta de credito...
Campana INCIBE-2026-165: email/SMS suplanta a Mi Carpeta Ciudadana (portal de la Administracion) anunciando un ingreso pendiente de 552,97 EUR. Enlace a clon que pide DNI, numero de cuenta y claves...
Correo electronico simula a la Tesoreria General de la Seguridad Social (TGSS) advirtiendo que la prestacion (paro, IMV, jubilacion) sera suspendida si no se actualizan los datos. Enlace a...
Email o SMS suplanta a la DGT (Direccion General de Trafico) y reclama una multa de 60-300 EUR por exceso de velocidad o por no pasar la ITV. Enlace a dgt-multas-pago.es (real: sede.dgt.gob.es). Pide...
SMS suplantando a Correos, SEUR, MRW o GLS informa de un paquete retenido en aduanas y pide pagar 1,79-3,29 EUR. El enlace lleva a correos-aduana.es (real: correos.es). Roba datos de tarjeta y codigo...
Email o SMS imita a la Agencia Tributaria anunciando devolucion de IRPF de 137-587 EUR. El enlace lleva a agenciatributaria-devolucion.es (real: agenciatributaria.gob.es). Solicita DNI, IBAN, tarjeta...
SMS suplantando a Banco Santander, BBVA, CaixaBank o Sabadell informa de un 'movimiento inusual' de 750-2.500 EUR y pide pulsar un enlace para 'verificar la operacion'. El dominio es...
The FBI is warning that cyber criminals are increasingly weaponizing Traffic Distribution Systems (TDS) to silently steer everyday internet users from legitimate-looking ads, search results, and even...
Criminals are using unsolicited FaceTime calls to impersonate Apple Support, banks, or financial institutions, pressuring victims into sharing card details, online banking credentials, Apple ID...
Researchers at Arctic Wolf uncovered a campaign in which 292 fake GitHub repositories posed as well-known security products, cryptocurrency tools, developer utilities, and other popular software....
Scammers increasingly use AI tools to create deceptively realistic images for phishing emails, fake shop websites, social media profiles, and fraudulent product listings. The NCSC Switzerland weekly...
Scammers build polished lookalike crypto-to-gift-card storefronts that mimic real platforms (dark theme, trust badges, "Pay with crypto" buttons) to steal your Bitcoin or Ethereum. Victims either...
Researchers at SANS Internet Storm Center have observed a new twist on credential-stealing phishing: HTML attachments padded with thousands of HTML comments to swell the file to ~2.5 MB. The goal is...
A new phishing-as-a-service platform called Forg365 is helping scammers steal Microsoft 365 credentials using adversary-in-the-middle (AiTM) proxies and Microsoft device-code authentication flows,...
Scammers are sending letters from fake law firms claiming you are the heir to a life insurance policy worth millions, just because you share a last name with the deceased. They offer to 'split' the...
Attackers are using a clever phishing trick that abuses Microsoft’s own legitimate login page (microsoft.com/devicelogin). Instead of sending you to a fake site, they trick you into visiting the real...
The holiday season is peak time for cybercriminals. Fake booking platforms, fraudulent ticket websites, and stolen smartphones can quickly turn a planned break into a major source of stress....
Email accounts are a top target because they control password resets for nearly every other online service you use. With a single compromised inbox, attackers can intercept banking codes, impersonate...